“Internet Voting Isn’t Safe”

The e-voting saga continues.

Four computer scientists say in a new report that a federally funded online absentee voting system scheduled to debut in less than two weeks “has security vulnerabilities that could jeopardize voter privacy and allow votes to be altered”. They say the risks associated with Internet voting cannot be eliminated and urge that the system be shut down.

The report’s authors are computer scientists David Wagner, Avi Rubin and David Jefferson from the University of California, Berkeley; The Johns Hopkins University and the Lawrence Livermore National Laboratory, respectively, and Barbara Simons, a computer scientist and leading technology policy consultant. They are members of the Security Peer Review Group, an advisory group formed by the Federal Voting Assistance Program to evaluate a system called SERVE, set up to allow overseas Americans to vote in their home districts. The first tryout is scheduled Feb. 3 for South Carolina’s presidential primary.

The four say that “Internet voting presents far too many opportunities for hackers or even terrorists to interfere with fair and accurate voting, potentially in ways impossible to detect. Such tampering could alter election results, particularly in close contests.” They “recommend shutting down the development of SERVE and not attempting anything like it in the future until both the Internet and the world’s home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear.”

The authors of the report state that there is no way to plug the security vulnerabilities inherent in the SERVE online voting design. “The flaws are unsolvable because they are fundamental to the architecture of the Internet,” says Wagner, assistant professor of computer science at UC Berkeley. “Using a voting system based upon the Internet poses a serious and unacceptable risk for election fraud. It is simply not secure enough for something as serious as the election of a government official.”

In short, the guys are saying the Internet is just not up to handling something like voting. But they also see the way the SERVE program carries the same flaws as the Diebold and other commercial electronic voting systems that have gotten such bad press in recent weeks (some of the four authors have been in the forefront of exposing those weaknesses). “The SERVE system has all of the problems that electronic touchscreen voting systems have: secret software, no protection against insider fraud and lack of voter verifiability,” says Jefferson. “But it also has a host of additional security vulnerabilities associated with the PC and the Internet, including denial-of-service attacks, automated vote buying and selling, spoofing attacks and virus attacks.”

After studying the prototype system the four researchers said it would be too easy for a hacker, located anywhere in the world, to disrupt an election or influence its outcome by employing any of several common types of attacks familiar to regular readers:

A denial-of-service attack, which would delay or prevent a voter from casting a ballot through the SERVE Web site.

A “Man in the Middle” or “spoofing” attack, in which a hacker would insert a phony Web page between the voter and the authentic server to prevent the vote from being counted or to alter the voter’s choice. What is particularly problematic, the authors say, is that victims of “spoofing” may never know that their votes were not counted.

Use of a virus or other malicious software on the voter’s computer to allow an outside party to monitor or modify a voter’s choices. The malicious software might then erase itself and never be detected.